A new survey released this week showed that even though awareness has grown among software developers about the need to improve application security, there is still a lack of action to create secure code.
Commissioned by Symantec this June, the survey polled 400 U.S.-based developers. Of these, 93 percent felt that secure application development was more of a priority now than three years ago, and 70 percent said that their employers emphasize the importance of application security. Nevertheless, only 29 percent stated that security was always a part of the development process.
For many in the security industry, the lack of prevalent secure coding practices is disconcerting.
"That basically sucks," wrote Roger Thornton, CEO of Fortify Software, in a blog response to the survey results. "So, just about everyone knows it's important, at nearly three-fourths of all companies the folks paying the bills want us to do something, but we are fulfilling those wishes once in a while and thus dropping the ball 71 percent of the time - that's a failing grade."
Others believe, however, that the survey results point to a steady path to improvement. According to Brad Arkin, senior manager for Symantec's Security Learning Services Group, the first step on this path is increased awareness—something that the survey showed to be clearly improving.
"That 93 percent really fits with what I'm seeing in the field," Arkin said. "It used to be that maybe organizations had a small team that looked at application security. Whereas today across the entire development community within (those companies), everyone knows it's an issue. They know they need to address it and they may be in various stages in making progress towards that, but everyone knows it is an issue now."